Database Crime Scene Prevention


Imperva's Amichai Shulman looks at database attack and defense.

1. Tools of the Trade

A perpetrator's first step toward attacking a database server is to obtain the right tools. These are surprisingly easy to obtain, even for internal users. Security officers often underestimate internal threats by making the following assumptions:

  • Internal users are not "hackers" with hacking tools and they are not equipped to produce "hacking tools" themselves.

  • Security policies on internal workstations will deny software installation by end-users.

While both assumptions are probably valid, they have nothing to do with the ability of end-users to get their hands on tools for database attacks. As it turns out, most types of attacks (the SQL-related ones) can be executed through standard database client software such as the clients the database vendor ships by default (e.g. Query Analyzer, SQL*Plus, etc.). This software is usually part of the basic installation for any workstation in the enterprise.

Moreover, almost all the capabilities required for database attacks can be found in typical office software such as Microsoft Excel. Other types of attacks (such as network-protocol-related attacks) can be constructed using a simple text editor such as Notepad or WordPad, or a Telnet client. Finally, in many organizations users have remote access to the internal network from their home computers, where no software installation restrictions exist.

2. Initial Access

There are two elements required for making initial contact with the database server. The attacker needs network access to the database server machine and a set of valid access credentials (i.e. username and password). Network access to the database server is usually an easy task considering the lax internal network security found in most enterprises. Even when some internal access restrictions exist within the network, many workstations are allowed to communicate with the database server due to thick-client applications that are provided to users. These applications contain all the application logic on the client side and communicate directly with the database server rather than through an intermediary application server.

Some types of infrastructure attacks prey on database vendor-specific vulnerabilities that require no more than this initial access in order to take down a server or execute arbitrary code. However, for most attacks the attacker must present a valid set of access credentials. These credentials can be obtained through various methods, assuming that the perpetrator was not given them rightfully. The following are some of the methods perpetrators use to obtain access credentials.
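The two sections above together describe the signal a defender can look for: a database session that was opened from an ordinary workstation rather than from the application tier, using a stock client (Query Analyzer, SQL*Plus, Excel) rather than the application's own driver, and possibly with the application's service credentials. The script below is an added example, not code from the article or from Imperva. It assumes the database emits one login-audit record per connection carrying the source address, the account and the client program name the driver reports; the record format, the network policy and the sample log lines are all constructed for illustration.

```python
"""Flag database logins that bypass the sanctioned application path.

Added example. Assumes a constructed audit format of
    timestamp|user|source_ip|client_program
and a constructed policy where only the application-server subnet,
using the application's own driver, should open database sessions.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# --- constructed policy (hypothetical names and addresses) -----------------
APP_SERVER_NETS = [ip_network("10.0.5.0/24")]   # application tier only
SANCTIONED_CLIENTS = {"OrderServiceDriver"}      # the app's own driver name
SERVICE_ACCOUNTS = {"svc_orders"}                # credentials the app uses
# Stock tooling the article names; seeing one means an interactive session
# driven by a person, not the application.
INTERACTIVE_CLIENTS = {
    "Query Analyzer", "SQL*Plus", "sqlplus", "sqlcmd", "Microsoft Excel",
}


@dataclass(frozen=True)
class LoginEvent:
    timestamp: str
    user: str
    source_ip: str
    client_program: str


def parse_event(line: str) -> LoginEvent:
    """Parse one constructed audit record; raises ValueError on bad input."""
    parts = [f.strip() for f in line.split("|", 3)]
    if len(parts) != 4:
        raise ValueError(f"malformed audit record: {line!r}")
    return LoginEvent(*parts)


def classify(ev: LoginEvent) -> list[str]:
    """Return the policy findings for one login, in a fixed order."""
    findings: list[str] = []
    src = ip_address(ev.source_ip)
    on_app_path = any(src in net for net in APP_SERVER_NETS)

    # Session did not come from the application tier: a thick client or a
    # workstation talking to the database directly.
    if not on_app_path:
        findings.append("direct-from-workstation")

    # Client program is an interactive tool, or at least not the app driver.
    if ev.client_program in INTERACTIVE_CLIENTS:
        findings.append("interactive-client")
    elif ev.client_program not in SANCTIONED_CLIENTS:
        findings.append("unknown-client")

    # The application's own credentials used from off the application path
    # is the strongest indicator that those credentials have leaked.
    if ev.user in SERVICE_ACCOUNTS and not on_app_path:
        findings.append("service-account-off-path")
    return findings


def suspicious_logins(lines: list[str]) -> list[tuple[LoginEvent, list[str]]]:
    """Run the policy over audit lines; return only events with findings."""
    flagged = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        findings = classify(ev)
        if findings:
            flagged.append((ev, findings))
    return flagged


# Constructed sample audit records (not real log data).
SAMPLE_LOG = """\
2024-03-01T09:00:01|svc_orders|10.0.5.10|OrderServiceDriver
2024-03-01T09:02:17|svc_orders|10.0.22.41|Query Analyzer
2024-03-01T09:05:44|jsmith|10.0.22.41|Microsoft Excel
2024-03-01T09:07:03|svc_orders|10.0.5.11|OrderServiceDriver
2024-03-01T09:10:30|dba_lee|192.168.40.7|sqlplus
"""

if __name__ == "__main__":
    for ev, findings in suspicious_logins(SAMPLE_LOG.splitlines()):
        print(f"{ev.timestamp} {ev.user}@{ev.source_ip} "
              f"[{ev.client_program}] -> {', '.join(findings)}")
```

On the constructed sample, the two legitimate application logins pass and the three remaining sessions are flagged; the second record combines all three signals (workstation source, interactive client, service account off the application path), which is the case worth paging someone about. In a real deployment the policy sets would come from an inventory of application hosts and drivers, and DBA workstations would get their own allowlist rather than being lumped in with ordinary users.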
